I need to create an Active Directory user using the python-ldap library. So, I authenticate with an admin account and I use "add_s" to create the user. Anyway, by default users are disabled on creation, and I cannot set userAccountControl to switch off the flag ACCOUNTDISABLE, i.e. setting userAccountControl with the 512 (NORMAL_ACCOUNT) value. See page http://support.microsoft.com/kb/305144 for a complete list of userAccount flags.
If I try, the server responds:

ldap.UNWILLING_TO_PERFORM: {'info': '0000052D: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0\n', 'desc': 'Server is unwilling to perform'}

Same thing if - as someone suggests - I create the user without a password and try to set userAccountCreation later. This is the code I use to create the account. Any suggestions?

----------------------------
import ldap
import ldap.modlist as modlist

def addUser(username, firstname, surname, email, password):
    """Create a new user in Active Directory"""
    ldap.set_option(ldap.OPT_REFERRALS, 0)

    # Open a connection
    l = ldap.initialize(AD_LDAP_URL)

    # Bind/authenticate with a user with appropriate rights to add objects
    l.simple_bind_s(ADMIN_USER, ADMIN_PASSWORD)

    # The dn of our new entry/object
    dn = "cn=%s,%s" % (username, AD_SEARCH_DN)

    displayName = '%s %s [%s]' % (surname, firstname, username)

    # A dict to help build the "body" of the object
    attrs = {}
    attrs['objectclass'] = ['top', 'person', 'organizationalPerson', 'user']
    attrs['cn'] = str(username)
    attrs['sAMAccountname'] = str(username)
    attrs['userPassword'] = str(password)
    attrs['givenName'] = str(firstname)
    attrs['sn'] = str(surname)
    attrs['displayName'] = str(displayName)
    attrs['userPrincipalName'] = "%s...@mail.domain.it" % username

    # Some flags for userAccountControl property
    SCRIPT = 1
    ACCOUNTDISABLE = 2
    HOMEDIR_REQUIRED = 8
    PASSWD_NOTREQD = 32
    NORMAL_ACCOUNT = 512
    DONT_EXPIRE_PASSWORD = 65536
    TRUSTED_FOR_DELEGATION = 524288
    PASSWORD_EXPIRED = 8388608

    # this works!
    attrs['userAccountControl'] = str(NORMAL_ACCOUNT + ACCOUNTDISABLE)

    # this does not work :-(
    attrs['userAccountControl'] = str(NORMAL_ACCOUNT)

    # Convert our dict to nice syntax for the add-function using modlist-module
    ldif = modlist.addModlist(attrs)
    l.add_s(dn, ldif)
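
Added example, not part of the original post: the leading `0000052D` in the server reply is Win32 error 0x52D (ERROR_PASSWORD_RESTRICTION), which Active Directory returns when an account is enabled without a password that satisfies policy. The sketch below decodes that code and shows the usual three-step sequence (create disabled, write `unicodePwd`, then set 512). It assumes `conn` is a python-ldap connection already bound over an encrypted channel such as `ldaps://`; the function names and the reduced attribute set are illustrative.

```python
import re

# Same value as python-ldap's ldap.MOD_REPLACE; flags as listed in the post.
MOD_REPLACE = 2
ACCOUNTDISABLE = 2
NORMAL_ACCOUNT = 512

# Win32 codes that AD puts at the start of the 'info' string (subset).
WIN32_ERRORS = {
    0x52D: "ERROR_PASSWORD_RESTRICTION: password missing or rejected by policy",
}


def encode_unicode_pwd(password):
    """AD's unicodePwd takes the password in double quotes, UTF-16LE encoded."""
    return ('"%s"' % password).encode("utf-16-le")


def explain_ad_error(info):
    """Decode the leading hex code of an AD 'info' string ('0000052D: ...')."""
    match = re.match(r"([0-9A-Fa-f]{8}):", info)
    if not match:
        return None
    return WIN32_ERRORS.get(int(match.group(1), 16), "unknown code")


def create_enabled_user(conn, dn, username, password):
    """Create the user disabled, set its password, then clear ACCOUNTDISABLE.

    Assumption: conn is bound over an encrypted connection, because AD
    rejects unicodePwd writes on a cleartext LDAP session.
    """
    disabled = str(NORMAL_ACCOUNT | ACCOUNTDISABLE).encode()
    conn.add_s(dn, [
        ("objectClass", [b"top", b"person", b"organizationalPerson", b"user"]),
        ("cn", [username.encode()]),
        ("sAMAccountName", [username.encode()]),
        ("userAccountControl", [disabled]),
    ])
    # The password goes in unicodePwd; by default AD does not treat
    # userPassword as the account password.
    conn.modify_s(dn, [(MOD_REPLACE, "unicodePwd",
                        [encode_unicode_pwd(password)])])
    # With a policy-compliant password in place the account can be enabled.
    conn.modify_s(dn, [(MOD_REPLACE, "userAccountControl",
                        [str(NORMAL_ACCOUNT).encode()])])
```

Setting PASSWD_NOTREQD (32) to get past the error would leave an enabled account that can have an empty password, so the password-first order above is the safer route.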